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DETAILED ACTION 
Response to Amendment 

1. Applicant's amendment filed 12 December 2006 amends claims 1 and 7. Claims 13-46 
have been added. 

Response to Arguments 

2. Applicant argues, "Gray clearly shows that verification unit 20 is not part of computer 12. 
Verification unit 20 is externally interposed between keyboard 16 and computer 12." This 
argument has merit, however, in lieu of Applicant's amendments the authenticating system 
(Figure 2, element 10) is now relied upon to meet the limitation of the claimed "computing 
device". Furthermore, when considering the disclosure of Gray it is clear that the computer 12 
and the verification unit 20 make up a singular device for the simple reason that the verification 
unit 12 draws its power from the computer 12 (Col. 4, lines 15-20). Therefore, without the 
computer 12, the verification unit 12 cannot operate and therefore cannot be considered a 
"device" on its own. 

3. Applicant argues, "Gray teaches that verification data such as a security identification 
number, a password, or a Personal Identification Number (PIN) of the operation requesting 
control of the application software is stored on card 34 (col. 4, lines 31-38)- NOT within 
memory within computer 12 or memory within verification unit 20." This argument is not 
persuasive because "card 34" is an actual smartcard connected to the verification unit 20 via a 
PCMCIA card slot (Col. 4, lines 22-24). Therefore, the smartcard itself is a memory within the 
verification unit 20. However, the encrypted password stored within the smartcard is additionally 
stored in the RAM 66 of the verification unit 20 prior to comparison with the entered password 
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(Col, 7, lines 50-54). Therefore, Gray meets the claim limitation for at least two different 
reasons. 

4. Applicant argues, "Examiner has failed to set forth any legitimate suggestion or 

motivation, either in the reference themselves or in the knowledge generally available to one or 

[sic, of] ordinary skill in the art, to combine and modify Gray and Lohstroh, as suggested by 

Examiner." This argument is not persuasive because the Examiner did in fact provide very 

specific motivation for modifying the teachings of Gray, which are repeated below. 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
use a hash as a step in a cryptographic process to encrypt the hash in order to reduce a 
variable length password into a fixed length, providing for greater password security by 
masking the length of and number of characters within the password. 

5. This motivation comes directly from the Lohstroh reference (at Col. 4, lines 1 1-42), 
which details the extent to which hashing passwords are commonly used by those having skill in 
the art, and the benefits inherent therewith. 

6. The remainder of Applicant's arguments are believed to be mere reiterations of previous 
arguments made for similar limitation in different claims that have already been addressed. 
Therefore, the Examiner believes all arguments have been addressed above. 

Claim Objections 

7. Claims 13-15, 17-29 are objected to under 37 CFR 1.75(c), as being of improper 
dependent form for failing to further limit the subject matter of a previous claim. Applicant is 
required to cancel the claim(s), or amend the Glaim(s) to place the claim(s) in proper dependent 
form, or rewrite the claim(s) in independent form. The claims fail to provide further steps to be 
performed by the claimed process. 
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Claim Rejections - 35 USC § 102 
8. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (l)'an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 35 1 (a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

Claims 1, 4-7, 10-13, 15-21, 23-24, 26-28, 30, 33-38, 40, 41, 43-45 are rejected under 35 
U.S.C. 102(e) as being anticipated by Gray, US patent, 6268788. 

In reference to claim 1 : 

Gray (Column 5, lines 62- Column 6, lines 20) & (Column 6, lines 55-Column 7, line 10) & 
Figure 4 discloses a method of securing access to resources in a computing device, comprising 
the steps of: 

• Storing an encrypted access code in a memory location within the computing device; 
(Figure 2 & Column 5, lines 62- Column 6, lines 20) & (Column 6, lines 55-Column 7, 
line 10) 

• Receiving a password to access the resources; (Column 5, lines 62- Column 6, lines 20) 
& (Column 6, lines 55-Column 7, line 10) 

• Encrypting the password to produce the encrypted access code; (Column 5, lines 62- 
Column 6, lines 20) & (Column 6, lines 55-Column 7, line 10) 
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• Allowing access to the resources if the encrypted access code matches the encrypted 
password. (Column 6, lines 16-20) & (Column 6, line 65- Column 7, line 5) 

In reference to claim 4: 

Gray (Column 5, lines 62- Column 6, lines 20) & (Column 9, lines 53-65) discloses the method 
of claim 1 wherein the encrypted access code is stored in a memory that cannot be externally 
modified, where the information stored on the computer system cannot be captured or tampered 
with and is stored in a secure room. 

In reference to claim 5: 

Gray (Column 6, lines 55-Column 7, line 10) discloses the method of claim 1 wherein the step of 
allowing access comprises the step of allowing access to testing resources if the encrypted access 
code matches the encrypted password. 

In reference to claim 6: 

Gray (Column 6, lines 55-Column 7, line 10) discloses the method of claim 1 wherein the step of 
allowing access comprises the step of allowing access to change system parameters if the 
encrypted access code matches the encrypted password. 

In reference to claim 7: 

Gray (Column 5, lines 62- Column 6, lines 20) & (Column 6, lines 55-Column 7, line 10) & 
Figures 2, 4 discloses a computing device compi-ising: 
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• A processing system (Figure 2, Items 40 and Items 60) 

• A memory coupled to the processing system for storing an encrypted access code; 
(Figure 2, Items 42 and Items 62) 

• Input circuitry coupled to the processing system for receiving a password to access 
resources; (Figure 2, Items 16 and Items 34) 

• Wherein the processing circuitry: 

o Encrypts the password to produce a encrypted password; (Column 6, lines 1-8) & 

(Column 6, lines 55-Column 7, line 10) 
o Compares the encrypted password to the encrypted access code; (Column 6, lines 

1-8) & (Column 6, lines 55-Column 7, line 10) 
o Allows access to the resources if the encrypted access code matches the encrypted 

(Column 6, lines 55-Column 7, line 10) 



In reference to claim 10: 

Gray (Column 5, lines 62- Column 6, lines 20).& (Column 9, lines 53-65) discloses the 
computing device of claim 7 wherein the encrypted access code is stored in a memory that 
cannot be externally modified, where the information stored on the computer system cannot be 
captured or tampered with and is stored in a secure room. 



In reference to claim 1 1 : 
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Gray (Column 6, lines 55-Column 7, line 10) discloses the computing device of claim 7 wherein 
the processing system allows access to testing resources if the encrypted access code matches the 
encrypted password. 

In reference to claim 12: 

Gray (Column 6, lines 55-Column 7, line 10) discloses the computing device of claim 7 wherein 
the processing system allows access to system parameters if the encrypted access code matches 
the encrypted password. 

In reference to claims 13, 15, 30: 

Gray discloses that the authenticating system (Figure 2, element 10) meets the limitation of the 
claimed "computing device". Furthermore, when considering the disclosure of Gray it is clear 
that the computer 12 and the verification unit 20 make up a singular device for the simple reason 
that the verification unit 12 draws its power from the computer 12 (Col. 4, lines 15-20), which 
meets the limitation of the memory location is within a processing system in the computing 
device, the memory location is in a memory subsystem within the processing system. Therefore, 
without the computer 12, the verification unit 12 cannot operate and therefore cannot be 
considered a "device" on its own. 

In reference to claims 16-18, 33-35: 

Gray discloses that the memory can include a ROM (Figure 2, 64), which meets the limitation of 
the memory subsystem comprises a memory array in which after data is written to the array, 
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further writing to the particular memory location is disabled, such that the data cannot be 
overwritten, a read only memory (ROM) coupled to the memory array, some portions of the 
memory array are externally accessible but not modifiable. 

In reference to claims 19, 36: 

Gray discloses that memory could be password protected (Col. 9, lines 21-28), which meets the 
limitation of wherein some portions or the memory array are not externally accessible and are 
not modifiable. 

In reference to claims 20, 37: 

Gray discloses that encryption keys are stored in memory (Col. 11, lines 54-56), which meets the 
limitation of an encryption key is stored in the memory array. 

In reference to claims 21, 38: 

Gray discloses that the encryption keys are generated using random numbers in the verification 
unit (Col. 12, lines 6-13), which meets the limitation of the encryption key is generated by a 
random number generator internal to the processing system. 

In reference to claims 23, 40: 

Gray discloses at least one processor coupled to the memory subsystem (Figure 2). 



In reference to claims 24, 41 : 
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Gray discloses a non-volatile memory system coupled to the processing system wherein the non- 
volatile memory system is external to the processing system internal to the computing system 
(Figure 2). 

In reference to claims 26, 43: 

Gray discloses that the memory stores an encrypted PIN for comparison (Col. 6, Hnes 55-60), 
which meets the limitation of a test ID stored in the array. 

In reference to claims 27, 28, 44, 45: 

Gray discloses that the verification unit provides cryptographic capabiHties (Col. 6, lines 55-57), 
which meets the limitation of the read only memory (ROM) further comprises cryptographic 
software, the non-volatile memory system includes application software, data files. 

Claim Rejections - 35 USC § 103 

9. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

10. Claims 2, 3, 8, 9, 29, 46 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gray and Lohstroh et al, US patent 5768373. 



In reference to claims 2, 3, 8, 9, 29, 46: 
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Gray fails to explicitly disclose the method of claim 1 wherein the step of storing an encrypted 
access code comprises the step of storing a hashed access code. 

Lohstroh, paragraph 15 teaches 
(15) The encryption/decryption algorithm performed by units 252 and 258 is 
symmetric. Thus, since K.sub.acc is supplied to encryption unit 252, K.subMCC 
must also be supplied to decryption unit 258. Yet, as with other keys, if 
K.sub.acc is stored in plaintext form in non-volatile storage means, and 
sometime later an unauthorized person discovers the location of K.sub.acc, the 
security of data will be compromised as other encrypted keys will then become 
accessible. Therefore, access key K.sub.acc is supplied on line 232 to 
encrypting unit 234 which operates according to well-known symmetric 
encryption/decryption algorithms such as "Blowfish", which can generally be 
found in Bruce Schneier, Applied Cryptography (2d. Ed. 1995). The resulting 
encrypted signal "^Ksub.accl "^produced on line 236 is stored in storage region 
238. The key signal that is applied to encrvptin2 unit 234 on line 264 is 
K.sub.pwh and is produced by hashing unit 262 from a user-supplied password on 
line 261. '^Hashing** is generally the using of an algorithm to take a variable 
size input and produce a unique fixed-length identifier representative of the 
original input (here, the user password) . One hash algorithm, MD5, or message 
digest 5, is generally known in the art, and is suitable for hashing a user 
password . Other algorithms are also generally known and are also suitable for 
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hashing a user password in accordance with the invention. Often hash functions 
are thought to take a large block of data and reduce it to a smaller block 
However, because the user password can vary from a few characters to up to 99 
bytes in one embodiment, hash function 262 may produce a larger or smaller 
block of data than a given input (the user password) , but it will return a 
password hash (K.sub.pwh) of consistently fixed length. In one embodiment 
using the MD5 hash function, such fixed length is set to 16 bytes. 



Thus Lohstroh teaches an embodiment where an access key or "access code" is encrypted by 
first hashing it. 

''The key signal that is applied to encrypting unit 234 on line 264 is 

K,sub.pwh and is produced by hashing unit 262 from a user-supplied password on line 261. " 

Lohstroh also teaches that the password can vary from a few characters up to 99 bytes, but after 
the hash, it will return a password hash of consistently fixed length. 

It would have been obvious to one of ordinary skill in the art at the time of invention to use a 
hash as a step in a cryptographic process to encrypt the hash in order to reduce a variable 
length password into a fixed length, providing for greater password security by masking the 
length of and number of characters within the password. 
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11. Claims 14, 25, 31, 32, 42 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gray, U.S. Patent No. 6,268,788, in view of Reddy, U.S. Patent No. 6,824,051 . Referring to 
claims 14, 25, 31, 32, 42, Gray discloses that the system shown in Figure 2 (element 10) is a 
traditional computer or workstation (Col. 4, lines 13-15). Gray does not disclose that the system 
is a mobile system such as a PDA, which utilizes baseband/rf technology. However, it would 
have been obvious to provide the access control system described in Gray in a PDA embodiment 
because Gray discloses that there is an increased need to provide protection to sensitive 
information stored within computers systems (Col. 1, lines 19-37) and Reddy shows that PDAs 
are a reasonable form of computer system (Col. 6, lines 25-33). 

12. Claims 22, 39 are rejected under 35 U.S.C. 103(a) as being unpatentable over Gray, U.S. 
Patent No. 6,268,788, in view of Debry, U.S. Patent No. 6,314,521. Referring to claims 22, 39, 
Gray does not disclose that the encryption key is generated and stored at the time of 
manufacture. Debry discloses a device that stores an encryption key that was generated and 
stored at manufacture (Abstract). It would have been obvious to one of ordinary skill in the art at 
the time the invention was made for the encryption key of Gray to be stored in the system at the 
time of manufacture in order for the encryption key to be stored in a tamper proof manner as 
taught by Debry (Col. 8, lines 18-28). 

Conclusion 
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13. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1,1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

14. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Benjamin E. Lanier whose telephone number is 571-272-3805. 
The examiner can normally be reached on M-Th 6:00am-4:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
^ system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



